IPDebrief

104.236.69.29

IP Intelligence Dossier
Witness AI: This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 104.236.69.29/32

Briefing Date: 2026-06-16

Intel Source: IPDebrief Threat Intelligence Platform

Classification: SOC Actionable Intelligence

---

## Executive Summary

IP address 104.236.69.29 is a DigitalOcean cloud infrastructure endpoint operating as a web server. Current risk assessment indicates Moderate Risk (55/100) with no active threat indicators. The IP resolves to Cloudways hosting infrastructure and exhibits standard web server characteristics. Monitoring is recommended due to elevated risk score, though blocking is not currently justified without corroborating threat signals.

---

## Infrastructure Profile

| Attribute | Value |
|---|---|
| **Risk Score** | 55/100 (Moderate) |
| **ASN** | 14061 (DigitalOcean, LLC) |
| **Organization** | DIGITALOCEAN-104-236-0-0 |
| **CIDR Block** | 104.236.0.0/16 |
| **Geolocation** | US, NJ, Clifton |
| **Infrastructure Type** | CloudCompute (Cloud Provider) |
| **Service Purpose** | Web Server |

---

## Service Exposure

The endpoint exposes standard web services with SSH access:

| Port | Protocol | Service | Status |
|---|---|---|---|
| 80 | TCP | HTTP | Open |
| 443 | TCP | HTTPS | Open |
| 22 | TCP | SSH | Open (OpenSSH_9.2p1 Debian-2+deb12u9) |

Server Stack: nginx (TLS 1.3, TLS_AES_256_GCM_SHA384 cipher suite)

TLS Certificate: Sectigo Public Server Authentication CA DV R36, subject: *.cloudwaysapps.com

---

## DNS & Hostname Resolution

---

## Threat Indicators Assessment

---

## Network Neighborhood Analysis

Subnet: 104.236.69.0/24

No neighboring IPs in the /24 subnet show threat indicators.

---

## Control Plane Stability

---

## Historical Observations

Signal history indicates stable infrastructure behavior:

---

## Relationship Graph

---

## Recommended Actions

Monitoring (High Priority)

Firewall Rules (Prepared)

```bash
# iptables
iptables -A INPUT -s 104.236.69.29 -j DROP

# nftables
nft add rule inet filter input ip saddr 104.236.69.29 drop

# nginx
deny 104.236.69.29;

# pfSense
104.236.69.29/32

# Cloudflare WAF
ip.src eq 104.236.69.29 → Block

# AWS WAF
Addresses: 104.236.69.29/32
```

---

## Analyst Notes

Key Observation: Risk score of 55/100 is elevated but lacks corroborating threat indicators. The IP is associated with Cloudways hosting (a legitimate PaaS provider), and neighborhood analysis shows a clean subnet with no abuse density.

Recommended Approach: Maintain monitoring without immediate blocking. The elevated risk score may reflect general cloud infrastructure baseline risk rather than active malicious activity. Implement additional validation if threat intelligence correlates with known campaigns or if behavioral anomalies emerge.

Action Priority: Monitor (High). Block only if corroborated by additional threat signals.


🌍 Geolocation

CountryπŸ‡ΊπŸ‡Έ United States
RegionNJ
CityClifton
Timezoneβ€”
Latitude40.86
Longitude-74.16

🏒 Ownership & Registration

OrganizationDigitalOcean, LLC
ASNAS14061
Network NameDIGITALOCEAN-104-236-0-0
CIDR Block104.236.0.0/16
RIRARIN
CountryUnited States
Abuse ContactAvailable via RDAP

🌐 DNS Intelligence

PTR1610509.cloudwaysapps.com
Forward ConfirmedNo β€” PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames1610509.cloudwaysapps.com

DNS Hygiene

| Attribute | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |

☁️ Network Classification

InfrastructureInfrastructure / Datacenter
Service PurposeWeb Server
Network TierHosting β€” Infrastructure provider without advanced routing
CloudHosting

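Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |

| Attribute | Value |
|---|---|
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | nginx |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u9 |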

TLS Certificate

| Attribute | Value |
|---|---|
| Subject | CN=*.cloudwaysapps.com |
| Issued by | CN=Sectigo Public Server Authentication CA DV R36, O=Sectigo Limited, C=GB |
| Self-signed | No |
| SANs | *.cloudwaysapps.com, cloudwaysapps.com |
| Valid From | 2026-03-24T00:00:00+00:00 |
| Valid Until | 2026-09-08T23:59:59+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 168 days |
| Serial Number | 009B708F987840C872F8BA3107B1BE80B7 |
| Thumbprint | 6C279C136F317BAEDEEEEA2E6CD5AABC7627E2E2 |

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
40%
23
routing
17%
11
services
35%
23
ownership
35%
23
reputation
32%
13
geolocation
17%
11
Overall29%914
Coverage: 6/6 dimensions Β· Data sufficiency: sufficient
Data CoherenceConsistent (100%)
AttributionModerate (50%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

Observation Timeline (Live)

| Attribute | Value |
|---|---|
| First Seen | 2026-06-09 14:17:04 UTC |
| Last Seen | 2026-06-21 16:11:21 UTC |
| Profile Built | 2026-06-21 16:14:04 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 24 |

22 signal types · 24 observations collected
This report is generated from 22+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

ℹ️ About This Report

All data shown is publicly available network metadata β€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.